VPN users menaced by port forwarding blunder

Virtual Private Network (VPN) protocols have a design flaw that snoops could potentially exploit to identify some users' real IP addresses.

VPN provider Perfect Privacy, which discovered the security weakness, has dubbed it "port fail", and says it affects VPNs based on the IPSec (Internet Protocol security) or PPTP (point-to-point tunnelling protocol) specifications, or using the OpenVPN client software.

Attackers need to have an account with the same vulnerable provider as their intended victim, and need to trick the target into visiting a website under the hackers' control.

"If the attacker has port forwarding activated for his account on the same server, he can find out the real IP addresses of any user on the same VPN server by tricking him into visiting a link that redirects the traffic to a port under his control," the researchers say.

Major virtual private network providers have been warned about the flaw. Private Internet Access says it has fixed the flaw and paid its rival US$5,000 for the research effort.

BitTorrent users are under particular threat, Perfect Privacy says, because if they use port forwarding as their default torrent client port, they don't need to be tricked into visiting an attacker's website.
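
A server-side check for the condition the researchers describe, as an added example that is not from the article or from Perfect Privacy: it flags inbound connections where a connected client's real IP reaches a port forwarded to a different account on the same server. The record fields, account names and addresses are constructed assumptions; a real VPN server would fill them from its session table and connection logs.

```python
from collections import defaultdict
from typing import NamedTuple

class Session(NamedTuple):
    account: str          # VPN account name (hypothetical field)
    real_ip: str          # client's real address as seen by the VPN server
    forwards: frozenset   # ports on the server's public IP forwarded to this account

class Hit(NamedTuple):
    src_ip: str           # source address of an inbound connection
    dst_port: int         # destination port on the server's public IP

def find_exposures(sessions, hits):
    """Return (victim, port_owner, port) for each hit in which a connected
    client's real IP reached a port forwarded to a different account."""
    accounts_at = defaultdict(set)   # real IP -> accounts connected from it
    owner_of = {}                    # forwarded port -> owning account
    for s in sessions:
        accounts_at[s.real_ip].add(s.account)
        for port in s.forwards:
            owner_of[port] = s.account
    exposures = []
    for h in hits:
        owner = owner_of.get(h.dst_port)
        victims = accounts_at.get(h.src_ip, set())
        # Skip ports nobody forwards, sources that are not connected clients,
        # and sources sharing a real IP (NAT) with the port's owner.
        if owner is None or not victims or owner in victims:
            continue
        exposures.extend((v, owner, h.dst_port) for v in sorted(victims))
    return exposures

# Constructed sample data using documentation address ranges.
SESSIONS = [
    Session("alice", "198.51.100.10", frozenset()),
    Session("mallory", "203.0.113.7", frozenset({40123})),
    Session("bob", "198.51.100.20", frozenset({51413})),
    Session("carol", "203.0.113.7", frozenset()),   # same NAT as mallory
]
HITS = [
    Hit("198.51.100.10", 40123),  # alice's real IP hits mallory's forward
    Hit("198.51.100.20", 51413),  # bob reaches his own forward
    Hit("192.0.2.55", 40123),     # outsider, not a connected client
    Hit("203.0.113.7", 40123),    # shared NAT with the port owner
    Hit("198.51.100.20", 40123),  # bob's real IP hits mallory's forward
]

if __name__ == "__main__":
    for victim, owner, port in find_exposures(SESSIONS, HITS):
        print(f"real IP of {victim} exposed to {owner} via forwarded port {port}")
```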